CVE-2019-10226

🗓️ 10 Jun 2019 00:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 118 Views🌐 WEB

HTML Injection in Fat Free CRM v0.19.

Reporter	Title	Published	Views	Family All 14
0day.today	Fat Free CRM 0.19.0 - HTML Injection Vulnerability	28 Mar 201900:00	–	zdt
Circl	CVE-2019-10226	28 Mar 201919:06	–	circl
CNVD	Fat Free CRM Code Injection Vulnerability	28 Mar 201900:00	–	cnvd
Cvelist	CVE-2019-10226	10 Jun 201900:00	–	cvelist
Exploit DB	Fat Free CRM 0.19.0 - HTML Injection	28 Mar 201900:00	–	exploitdb
exploitpack	Fat Free CRM 0.19.0 - HTML Injection	28 Mar 201900:00	–	exploitpack
Github Security Blog	Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability	24 May 202216:47	–	github
NVD	CVE-2019-10226	10 Jun 201923:29	–	nvd
OSV	GHSA-GMG5-R3C4-3FM9 Withdrawn Advisory: Fat Free CRM Cross-site Scripting vulnerability	24 May 202216:47	–	osv
Packet Storm	Fat Free CRM 0.19.0 HTML Injection	27 Mar 201900:00	–	packetstorm

NVD

Node

fatfreecrm fat_free_crmMatch0.19.0

Source	Link
github	www.github.com/fatfreecrm/fat_free_crm/blob/master/app/views/comments/_comment.html.haml
github	www.github.com/fatfreecrm/fat_free_crm/issues/1235
packetstormsecurity	www.packetstormsecurity.com/files/152263/Fat-Free-CRM-0.19.0-HTML-Injection.html
exploit-db	www.exploit-db.com/exploits/46617/
apidock	www.apidock.com/rails/ActionView/Helpers/TextHelper/simple_format

Parameter	Position	Path	Description	CWE
comment[comment]	nested	/comments	HTML injection in comment content via POST /comments causing potential XSS	CWE-79
comment[commentable_id]	nested	/comments	HTML injection in comment content via POST /comments causing potential XSS	CWE-79
comment[commentable_type]	nested	/comments	HTML injection in comment content via POST /comments causing potential XSS	CWE-79

17 Jun 2026 02:10Current

5.2Medium risk

Vulners AI Score5.2

CVSS 24.3

CVSS 35.4

EPSS0.04702

cve-2019-10226 html injection fat free crm nvd